Do not log event id 4688 – A new process has been created

Using Group Policy Editor (gpedit.msc) or Local Security Policy (secpol.msc) Security Settings -> Audit Policy -> Audit Process Tracking or Advanced Audit Policy Configuration -> System Audit Policy -> Detailed Tracking -> Disabled.

Even issuing

auditpol /clear
auditpol /get /category:*

shows Process creation: no auditing

Still have those event id 4688 in Security Log.

Windows 10

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.